:

SHINY HUNTERS DEFACES SCHOOL PORTALS IN INSTRUCTURE HACK

AI DESK2 MIN READ
THU, MAY 7, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

Cybercriminal group ShinyHunters claimed responsibility for breaching Instructure and defaced login pages at multiple customer schools with extortion demands.

ShinyHunters, a known cybercrime collective, has targeted Instructure for the second time, compromising the learning management platform used by educational institutions worldwide. The group defaced login pages belonging to several Instructure customer schools, replacing them with extortion messages demanding payment. The attack marks another significant breach for Instructure, which provides Canvas, a widely-used learning platform serving thousands of schools and universities. Attack Details ShinyHunters used the compromised login pages as a vector for their extortion scheme, displaying messages to users attempting to access their accounts. This technique puts pressure on institutions to negotiate rather than simply patching the vulnerability. The defacement affected multiple schools simultaneously, suggesting the attackers gained broad access to Instructure's infrastructure or customer data. No official statement has been released regarding the scope of affected institutions or the nature of the compromised data. History of Instructure Breaches This incident follows previous Instructure security incidents, indicating the platform may face ongoing vulnerabilities. Educational technology providers are frequent targets for cybercriminals due to the sensitive student and staff data they hold. Implications The breach highlights security risks within critical education infrastructure. Schools relying on Instructure face potential exposure of student records, grades, and personal information. Parents and students may be at risk if personally identifiable information was accessed. Instructure customers have been advised to monitor accounts for suspicious activity and change passwords. The company typically works with law enforcement and cybersecurity firms to investigate such incidents. ShinyHunters has established a pattern of targeting technology companies and attempting to monetize breaches through extortion. The group's claims of hacking Instructure require verification, though the visible defacement of school portals confirms unauthorized system access.

■ SOURCES

TechCrunch

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

Grok CLI experienced a critical bug that caused it to upload entire home directories to Google Cloud Storage. The issue sparked significant discussion in the developer community about data handling practices.

JUST NOWIndustry Desk

Aylo, Pornhub's parent company, will restore access to the site in the UK through Apple's device-level age verification system in iOS 26.4. The move requires users to complete age verification before accessing the platform.

1H AGOIndustry Desk

Australia's eSafety Commissioner has identified significant gaps in how major tech platforms address online sexual extortion. Young men are reporting sextortion at higher rates than any other demographic, with over 2,000 complaints filed in just six months.

1H AGOIndustry Desk

Angelo Martino, a ransomware negotiator, was sentenced to 70 months in prison for colluding with attackers to defraud victims. Martino helped orchestrate scams that extracted over $75 million from ransomware victims.

1H AGOSecurity Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.